B2c: Override Custom AccountEnabled (Block Sign-In) behaviour

Mikhail Delly 126 Reputation points
2023-01-30T14:29:40.11+00:00

There is a possibility to Block Sign-In for AD users using Block Sign-In property in b2c. It is general solution to use "accountEnabled" property to manage it via Graph API.

But it seems it doesn't work for external IDPs (Social (Google, Facebook) etc.)

https://learn.microsoft.com/en-us/answers/questions/1164502/b2c-block-sign-in-for-social-(google-facebook)-and

There is two ways to do this:

Unfortunately, in a solution with default accountEnabled prop it is impossible to reach the redirect orchestration step cause default validator throws and error if Block Sign-In is TRUE and terminates UserJourney for users which are using AAD as IDP.

Is it possible to override default validating accountEnabled behavior to have same redirection for all types of IDPs? Or the only one way is to use custom extension_accountEnabled prop and redirect on error page based on it?

Thanks.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,992 questions
Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
3,016 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,149 questions
0 comments No comments
{count} votes

Accepted answer
  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,491 Reputation points
    2023-02-01T15:53:55.9833333+00:00

    Hello, the accountEnabled attribute for Azure AD B2C federated accounts is managed by Azure AD B2C itself. The only way to block this type of account is using the refered sample which leverages the extension_accountEnabled custom attribute.

    Let us know if you need additional assistance. If the answer was helpful, please accept it so that others can find a solution.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.